14 DAY TRIAL // Sensitive information about customers has been inadvertently leaked online by MBIA Inc, resulting in search engines indexing the data.
The mistake leading to the incident was a misconfigured security setting in an Oracle Reports database server.
As a result, the information became public and search engines were quick at indexing customer account numbers, balances, dividends, account holder names, and even instructions on how to authorize new bank accounts for deposits.
Confidential data was discovered using a search engine
According to security blogger Brian Krebs, who notified MBIA of the incident, Google included in its results about 230 pages containing such information.
The leak was discovered by independent security expert Bryan Selly at Seely Security, who found the sensitive details through a search engine.
In a conversation with Krebs, Seely said that the poorly configured server also exposed a reports diagnostics page, which contained credentials for accessing almost all customer account data stored on the machine.
Potential danger is significant
MBIA, formerly known as the Municipal Bond Insurance Association, is a financial services company that provides municipal bond insurance, investment management products and consulting services.
“Malicious hackers finding dozens of universities or companies with Social Security numbers, health data or other information is devastating, but stumbling on bank accounts and the instructions for how to empty them is potentially catastrophic,” Seely told Krebs.
Data touching on multiple investment pools has been exposed, including Texas CLASS, the Louisiana Asset Management Pool, the New Hampshire Public Deposit Investment Pool, Connecticut CLASS Plus, and the Town of Richmond, NH.
“Billions in taxpayer funds, invested into one of the largest institutions in the world that were essentially being guarded by a sleeping security guard,” commented Seely.
The issue has been corrected by MBIA
The organization said in a statement that an investigation was initiated to determine the cause of the leak and the necessary measures that need to be applied to protect the customer data and improve security of the systems.
At the moment, the vulnerable server has been taken offline, but there is no information about the measures taken by Google to remove access to the sensitive documents from web search results.
For a period of time, content indexed by Google can still be accessed from a cached copy of the original. After a while, the cached content is removed from the data center and can no longer be accessed.
Alternatively, the owner of the content can issue a request for Google to remove the cached copy of the original content.